Pretty Pretty Pwnies
sth posted in exploits, hacking on January 1st, 2007
The latest month of bugs trend has started again with the Month of Apple Bugs. The first bug is a buffer overflow in Apple Quicktime rtsp URL Handler. Here is the description from the bug information on the MOAB site:
A vulnerability exists in the handling of the rtsp:// URL handler. By supplying a specially crafted string (rtsp:// [random] + semicolon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.
Note that this affects the OSX and the Windows versions of Quicktime. It doesn’t look like there is a patch for this yet, but apparently you can disable the rtsp handler within Quicktime.
Here is the official MOAB mascot:
“Mac bugs come in pink.” ™
January 2nd, 2007 at 8:29 pm
come, come with us to the candy hill =)